Date: Wed, 11 Oct 2006 15:33:26 -0400 From: Garance A Drosihn <drosih@rpi.edu> To: Jason Stone <freebsd-security@dfmm.org>, freebsd security <freebsd-security@freebsd.org> Cc: security-officer@freebsd.org, FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: [fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon Message-ID: <p06230910c152cf2743ce@[128.113.24.47]> In-Reply-To: <20061011083021.C2780@treehorn.dfmm.org> References: <451F6E8E.8020301@freebsd.org> <20061011102106.GY1594@obiwan.tataz.chchile.org> <20061011151458.L97038@atlantis.atlantis.dp.ua> <20061011083021.C2780@treehorn.dfmm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 8:42 AM -0700 10/11/06, Jason Stone wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >>>Though I admit RELENG_4 is getting dusty, it is not rusty. I believe it >>>is still used in many places because of its stability and performance. >>>[...] >>>Is it envisageable to extend the RELENG_4's and RELENG_4_11's EoL >>>once more ? > >> Yes, I'm also voting for it. > >I realize that resources to keep chasing this stuff are in limited >supply, but if you solicit the opinion of the community, I'd bet >that more people would rather see 4.x support continue than 5.x >support. While this is an interesting idea, please realize that if we are supporting 6.x (and we are!), then it is much less work to also support 5.x than it is to support 4.x instead of 5.x. The effort for one is not the same as the effort for the other. But I do agree that this is an interesting idea. In a different message, Dan Lukes wrote: > Even if no new ports will be compilable on 4.x, even if the >old ports will not be updated with exception of update caused by >security bug, I vote for delaying EOL of 4.11 That's easy to say. But then that security bug will be in an old version of openssh, and to fix it you'll need to update *both* openssh and openssl, and to compile openssl you'll need a newer version of, oh, some compiler. Or the latest libtool. Or it will assume a variety of changes have been made to base-system include files under /usr/include/**.h. (Note that I face this very issue with a variety of old Solaris and IRIX machines here at work. It's one thing to say "Oh, I'll just apply one little security fix", and it's another when you figure out it's going to take you two weeks of solid work to do successfully do that) More to the point, we might not even know there *is* a security exposure in the system you are running. Maybe someone stumbles upon a new exploit in an ancient version of <some-component>, but everyone running 5.x and 6.x and 7.x is already running the newer version. Thus, we won't even know that 4.x users have a serious security issue which needs to be fixed. You can't just keep voting to say "support me forever", and have it cost nothing. Someone, somewhere, has to put up the time and effort to actually do that support. And realistically, that someone has to be the people who are actively running 4.x. Me, I have no desire to run 4.x. I have become too accustomed to a variety of nice features which are in 6.x. I'm also in the process of replacing two of my PC's (because they are having hardware trouble), and once I do that I only have one PC which will even bootup in 4.x -- and that is a 10-year-old PC which I hope to replace before the end of the year. (of course, I'm only one freebsd developer, and I do not claim to be speaking for security@freebsd or re@freebsd. I'm just saying, more and more FreeBSD developers are actively running on newer hardware, and thus that is where their expertise is...) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p06230910c152cf2743ce>